Remarks 



Status of application 

Claims 1-24 were examined and stand rejected in view of prior art. The 
distinctions between Applicant's invention and the cited prior art references are discussed 
in detail in the following remarks. In view of the below remarks, reexamination and 
reconsideration are respectfully requested. 

The invention 

Applicant's invention comprises an entitlements system and methodology which 
provides the ability to define entitlements and apply them to individual users and/or groups 
using a hierarchical entitlements structure with inheritance. The entitlements which may 
be defined using the solution include application-specific entitlements (e.g., performing 
certain functions of an application), transaction entitlements (e.g., performing certain 
transactions or operations on an object), and limits or limit entitlements (e.g., maximum 
per-transaction or cumulative dollar limit for payments or other banking functions). 

Applicant's solution also includes hierarchical-based roles in which a given role 
may be defined to have certain entitlements. A given role may, in turn, have subroles 
that inherit attributes of the parent (i.e., superior role). This approach may be used to 
establish a hierarchy of roles, where roles inherit entitlements (permissions) from above. 
In accordance with the present invention, Applicant's general approach provides that the 
inheritance is negative (i.e., restrictive). A root node ("root") resides at the top of the 
inheritance hierarchy and is predefined to be enabled to perform all functions (i.e., has all 
entitlements). As Applicant's hierarchical entitlements structure is traversed, additional 
restrictions are applied. Using this approach, certain functions are enabled or restricted 
for given users or groups. For each function that is enabled, the function is typically 
associated with limit(s) and a period, thereby providing a maximum amount or volume 
per period as well as a fixed amount per transaction type. In this manner, individuals 
may be easily added to the hierarchy and enabled to perform operations, subject to 
established limits. 

Applicant's solution determines all limits and tracks running totals of activities 
per user and/or per group (e.g., division, department or the like). A particular user may 
be affected by any limits that have been specifically defined as applying to him or her as 
well as limits defined for the group that he or she belongs to, one or more parents of the 
group that he or she belongs to, and/or any limits set for the business. Applicant's 
invention provides a flexible solution to define a hierarchy of roles and to establish and 
enforce entitlements of these roles among multiple dimensions, thereby allowing 
constraint processing in a manner that achieves the business goals desired. Dimensions 
may be processed in different combinations along the lines of users and their groups, 
along the lines of hierarchical groups, along the lines of time periods, and along the lines 
of objects and functions (including monetary limits). 



Prior art rejections 

A. First Section 103 rejection: Win and Rowe 

Claims 1, 4-5, 7-8, 10-16 and 18-24 stand rejected under 35 U.S.C. 103(a) as 
being unpatentable over U.S. Patent 6,1261,139 to Win (hereinafter "Win") in view of 
U.S. Published Application 2002/0029339 of Rowe (hereinafter "Rowe"). The 
Examiner's rejection of claim 1 is representative: 

Re claim 1, Win teaches the limitation of a computer-implemented method for 
specifying and enforcing entitlements for performance of financial transactions, 
the method comprising: 

providing a hierarchical entitlement structure with inheritance for specifying 
entitlements for performing financial transactions (column 4, lines 22-26; column 
5, lines 7-8); 

in response to a particular user request to perform a financial transaction at 
runtime, identifying the particular user's membership in a certain entitlement 
group (column 5, lines 45-55); 

determining whether to allow the particular user to perform the financial 
transaction based on permissions and limits of said hierarchical entitlement 
structure applicable to the particular user's performance of the financial 
transaction (column 4, lines 15-18); 

receiving user input for defining a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified 
permissions to perform financial transactions (column 15, lines 15-21; column 4, 
lines 24-26). 

Win doesn't explicitly teach the limitation comprising limits on performance of 
said financial transactions, and membership of each user. Rowe, however, makes 
this teaching (paragraph 12, lines 5-13; paragraph 14). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to combine 
the teaching of Rowe with those of Win as discussed above for the motivation of 
establishing entitlement to access the account (Rowe, abstract). 

Under Section 103(a), a patent may not be obtained if the differences between the 
subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which the subject matter pertains. To establish a prima facie 
case of obviousness under this section, the Examiner must establish: (1) that there is 
some suggestion or motivation, either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art, to modify the reference or to 
combine reference teachings, (2) that there is a reasonable expectation of success, and (3) 
that the prior art reference (or references when combined) must teach or suggest all the 
claim limitations. (See e.g., MPEP 2142). As will be shown, the Win and Rowe 
references cited by the Examiner fail to meet the requisite condition of teaching or 
suggesting all of Applicant's claim limitations. 

The Examiner equates Win's access control system which associates users with 
one or more administrative roles and associates each administrative role with one or more 
administrative privileges with Applicant's hierarchical entitlement solution which 
specifies entitlements and limits for performing financial transactions (Applicant's 
specification, paragraph [0013]). However, one initial difference between Applicant's 
invention and Win's solution is that Applicant's invention is focused on specifying and 
enforcing entitlements for performing financial transactions in a financial application 
(e.g., corporate banking application) (Applicant's specification, paragraph [0043]). The 
entitlements which may be defined using Applicant's invention include application- 
specific entitlements (e.g., performing certain functions of an application), transaction 
entitlements (e.g., performing certain transactions or operations on an object), and limits 
or limit entitlements (e.g., maximum dollar limit for payments or similar banking 
functions). (Applicant's specification, paragraph [0044]). These features are included as 
limitations of Applicant's claims including, for instance, the following limitations of 
Applicant's claim 1: 

A computer-implemented method for specifying and enforcing entitlements for 
performance of financial transactions, the method comprising: 
providing a hierarchical entitlement structure with inheritance for specifying 
entitlements for performing financial transactions 

(Applicant's claim 1, emphasis added) 

The Examiner references Win at column 4, lines 22-26 and column 5, lines 7-8 as 
including equivalent teachings. However, the referenced portions of Win simply describe 
assigning users to various roles (e.g., customers, suppliers or business partners) (Win 
column 4, lines 22-26), with the roles defining their information needs and rights and 
privileges (Win column 5, lines 7-8). Significantly, Applicant's review of the entire Win 
reference finds that Win makes no mention whatsoever of financial transactions or of 
privileges and limitations for performing financial transactions. 

Additionally, Win's access control system does not include a hierarchical 
entitlement structure with inheritance. Instead, Win's system provides for defining roles, 
with each role having a set of permissions. One or more of these roles is then assigned to 
a given user. The difference between Win's approach and that of Applicant can be 
illustrated by example. Suppose, for instance, a customer service representative needs 
permission for performing transactions a1, a2 and a3. Furthermore, a customer service 
manager needs permissions for everything a customer service representative can do (i.e., 
a1, a2 and a3) plus c1. Additionally, assume a customer service director needs 
permission for everything a customer service manager can do (i.e., a1, a2, a3 and c1) plus 
d1. In Win's system, these permissions can be assigned one of the two ways described 
below. 

The first approach which can be used in Win's system is to create three roles as 
follows: (i) role csr with permissions a1, a2, a3; (ii) role csm with permission c1; and (iii) role 
csd with permission d1. The role csr would then be assigned to the customer service 
representative. The customer service manager would then be assigned two roles (csr and 
csm) and the customer service director would be assigned all three roles (csr, csm, csd). 
As illustrated, as one goes up the management chain in an organization, administration of 
this type of access control system becomes cumbersome due to the number of roles that 
need to be assigned to some users. 

The second approach which can be utilized with Win's system would be to define 
the same three roles, but assign the privileges differently as follows: (i) role csr with 
permissions a1, a2, a3; (ii) role csm with permissions a1, a2, a3, c1; and (iii) role csd with 
permissions a1, a2, a3, c1, d1. However, consider what happens when a customer service 
representative needs permission to do a4, and therefore customer service managers and 
directors also need to do a4. This requires that all three roles be changed to add the 
permission to do a4, which is inconvenient and more difficult to administer. 

With Applicant's hierarchical entitlement system with inheritance, in contrast, 
one can define an inheritance relationship between the customer service manager role and 
the customer service representative role and another relationship between the customer 
service director and the customer service manager. Each user can still have one role 
(e.g., customer service manager), yet gain permissions from other roles through 
inheritance. This makes management of permissions in a hierarchical environment such 
as a corporation easier to model and administer. The features of a hierarchical 
entitlement structure with inheritance are also included as limitations of Applicant's 
claims. For example, Applicant's claim 1 includes the following: 

providing a hierarchical entitlement structure with inheritance for specifying 
entitlements for performing financial transactions; 
receiving user input for defining a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified 
permissions to perform financial transactions, limits on performance of said 
financial transactions, and membership of each user; 

(Applicant's claim 1, emphasis added) 

Applicant's review of Win finds no mention whatsoever of a hierarchical 
entitlement structure with inheritance as described in Applicant's specification and 
claims. In addition, the Examiner acknowledges that Win provides no teachings of limits 
on performance of financial transactions and membership of users in entitlement groups 
of the above-described hierarchical entitlement structure. Thus, the Examiner adds Rowe 
for these teachings. 

Turning to the teachings of Rowe, one finds that although Rowe mentions the 
word "limit" it does not include features for defining and enforcing limits on the 
performance of financial transactions comparable to Applicant's claimed invention. 
Rowe describes a solution for opening a new bank or financial account with a financial 
provider electronically (Rowe, paragraph [0012], paragraphs [0028]-[0029]). As part of 
Rowe's methodology for establishing an account, a "value limit" is assigned to the 
account (Rowe, paragraph [0012]). This value limit is the maximum amount of funds 
that will be held in the account, which is typically the amount of the initial deposit into 
the account (Rowe, paragraph [0040]). Thus, Rowe's value limit is a single number that 
is assigned to an account that is checked when funds enter the account (Rowe, paragraphs 
[0040]-[0041]). In other words, Rowe's "value limit" is a number associated with a 
given financial account (e.g., bank account) and is not a limit which is tied to a user's 
role. In fact, Applicant's review of Rowe finds no mention of roles with permissions 
relating to the type and amount of financial transactions that may be performed by users 
having such roles. 

Moreover, the limits which can be defined and enforced with Applicant's claimed 
invention are not single numbers associated with a given financial account. Instead, 
Applicant's invention enables a user or administrator to define both per-transaction limits 
and cumulative limits over a period of time for each type of activity being performed by 
users having a given role. For example, limits for each role (including those which are 
inherited) may be established per-transaction as well as per day, per week and/or per 
month for each type of activity being performed by the user. For example, Applicant's 
invention would allow one to define a "mass market consumer" role which has 
permission to pay bills up to a maximum amount of $500 per bill, with a maximum 
cumulative limitation of $2,000 per week. Another "affluent consumer" role can be 
defined which permits a user having such role to pay bills up to $1,000 per bill, up to 
$5,000 per week and may perform external transfers of up to $10,000 per month. These 
features of defining limits are also included as limitations of Applicant's claims. For 
example, Applicant's claim 8 includes the following limitations: 

The method of claim 1, wherein said step of defining a plurality of entitlement 
groups includes defining limits comprising a selected one of per-transaction limits 
and cumulative limits over a period of time. 

(Applicant's claim 8, emphasis added) 

The Examiner references Rowe at paragraph [0012], lines 5-13 and paragraph 
[0014] for the corresponding teachings. However, these paragraphs simply describe a 
single value limit applicable to a given financial account and, therefore, are not 
comparable to the above-described features of Applicant's claimed invention. 
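
The enforcement model described in the invention overview and in the limits discussion above can be sketched as follows; this is an added Python example, not part of the original remarks and not Applicant's implementation. The group names, the users, the `pooled` flag (one running total shared by a whole group) and the Monday-based calendar week are assumptions; the $500 per bill and $2,000 per week figures come from the "mass market consumer" example above.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

@dataclass
class Limit:
    per_txn: Optional[int] = None    # maximum amount for one transaction (whole dollars)
    per_week: Optional[int] = None   # maximum cumulative amount per calendar week
    pooled: bool = False             # assumption: True = one running total for the group

@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    restricted: set = field(default_factory=set)   # functions removed at this level
    limits: dict = field(default_factory=dict)     # function name -> Limit

    def chain(self):
        """Yield this group, then each ancestor up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent

class Entitlements:
    def __init__(self):
        self.members = {}   # user -> Group
        self.totals = {}    # (scope, function, week_start) -> running total

    def authorize(self, user, function, amount, when):
        group = self.members.get(user)
        if group is None or amount <= 0:
            return (False, "unknown user or invalid amount")   # fail closed
        week = when - timedelta(days=when.weekday())           # Monday of that week
        pending = []
        # Negative inheritance: the root allows everything; every level on the
        # path from the user's group to the root can only restrict further.
        for node in group.chain():
            if function in node.restricted:
                return (False, f"{function} restricted at {node.name}")
            lim = node.limits.get(function)
            if lim is None:
                continue
            if lim.per_txn is not None and amount > lim.per_txn:
                return (False, f"per-transaction limit at {node.name}")
            if lim.per_week is not None:
                scope = node.name if lim.pooled else f"{node.name}/{user}"
                key = (scope, function, week)
                if self.totals.get(key, 0) + amount > lim.per_week:
                    return (False, f"weekly limit at {node.name}")
                pending.append(key)
        # Update running totals only after every level has passed, so a denied
        # request never consumes quota at any level.
        for key in pending:
            self.totals[key] = self.totals.get(key, 0) + amount
        return (True, "ok")

def build_sample():
    """Constructed hierarchy: business (root) -> retail -> mass_market."""
    root = Group("business")
    retail = Group("retail", root, {"external_transfer"},
                   {"bill_pay": Limit(per_week=3000, pooled=True)})
    mass = Group("mass_market", retail,
                 limits={"bill_pay": Limit(per_txn=500, per_week=2000)})
    ent = Entitlements()
    ent.members.update(alice=mass, bob=mass)
    return ent
```

A request is allowed only if no group on the path to the root restricts the function and the amount fits under every applicable per-transaction and cumulative limit, including a group-wide total that one member can exhaust for the others.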

All told, Win and Rowe, even when combined, do not include teachings of a 
hierarchical entitlement system with inheritance that enables one to define and enforce 
user permissions for performing financial transactions. In addition, the combined 
references do not include any teaching of defining both per-transaction limits and 
cumulative limits over a period of time for each type of activity being performed by users 
having a given role. Therefore, as the prior art references do not teach or suggest all of 
the claim limitations of Applicant's claims, it is respectfully submitted that the claims 
distinguish over the prior art references and overcome any rejection under Section 103. 

B. Second Section 103 rejection: Win, Rowe and Barkley 

Claims 2-3, 6, 9 and 17 stand rejected under 35 U.S.C. 103(a) as being 
unpatentable over Win (above) in view of Rowe (above), further in view of U.S. Patent 
6,202,066 to Barkley (hereinafter "Barkley"). As to these claims, the Examiner continues 
to rely on Win and Barkley, but acknowledges that they do not teach certain limitations 
of these dependent claims, including limitations of a hierarchical entitlement structure in 
which permissions of a given entitlement group are defined by restricting permissions 
inherited from its parent entitlement group (Applicant's claim 2 and claim 3). The 
Examiner therefore adds Barkley for these teachings. 

These claims are believed to be allowable for at least the reasons cited above (as 
to the first Section 103 rejection) pertaining to the deficiencies of Win and Rowe as to 
Applicant's invention. Barkley does not cure these deficiencies of Win and Rowe as it 
includes no teaching of a hierarchical entitlement system with inheritance that enables 
one to define and enforce user permissions to perform financial transactions. In addition, 
Applicant's claimed invention is distinguishable for the following additional reasons. 

As previously discussed, Applicant's solution provides a hierarchical entitlements 
structure with inheritance enabling one role to inherit permissions from another role. 
More particularly, Applicant's claimed invention provides for a hierarchy of roles in 
which roles are inherited from above (Applicant's specification, paragraph [0045]). 
Significantly, Applicant's approach is to structure such inheritance negatively so as to 
apply restrictions as one goes down in the hierarchical entitlements structure (Applicant's 
specification, paragraph [0045]). With Applicant's solution the root node residing at the 
top of the inheritance structure, for example, has all permissions and may perform all 
functions in the system (Applicant's specification, paragraph [0045]). As the hierarchy is 
traversed downward, additional restrictions are applied (Applicant's specification, 
paragraph [0045]). This approach of restricting inherited permissions is included, for 
instance, as limitations of Applicant's claim 3 as follows: 

wherein said step of defining a plurality of entitlement groups includes restricting 
permissions inherited by an entitlement group from its parent entitlement group in 
said hierarchical entitlement structure. 

(Applicant's claim 3, emphasis added) 

Thus, Applicant's solution provides for top-down inheritance in which an 
entitlement group inherits permissions from its parent, but typically subject to restrictions 
on such permissions. Although Barkley discusses that one role may inherit from another 
role, Barkley takes a bottom-up, rather than a top-down, approach to inheritance. As 
described at column 9, lines 48-51 of Barkley, a "manager" role has its own permissions 
and also inherits those permissions of its "subordinates" (Barkley, column 9, lines 48-51). 
Another example of Barkley's bottom-up approach to inheritance is described at column 
12, lines 19-26 which describes a financial advisor role inheriting privileges from an 
account rep role, such that the financial advisor has the permissions necessary to function 
as an account rep (Barkley, column 12, lines 19-26). Thus, Barkley in fact teaches away 
from Applicant's top-down inheritance approach. Additionally, the Examiner also 
references column 11, lines 39-43 and column 13, lines 14-15 of Barkley as including 
teachings of restricting permissions inherited from a parent group of Applicant's claim 3. 
However, Applicant's review of the referenced teachings finds that while they discuss 
various roles having different object access privileges (e.g., to read, write or delete 
certain objects) they do not include teachings of restricting permissions inherited from its 
parent in a hierarchical entitlement structure. Given Barkley's bottom-up approach to 
inheritance, this is not surprising. Additional restrictions would not typically be applied 
to managers, for example, on privileges that they inherit from lower level subordinates. 

All told, Barkley does not cure the deficiencies of Win and Rowe as to 
Applicant's claimed invention. Moreover, Barkley's bottom-up approach to inheritance 
teaches away from Applicant's top-down inheritance methodology in which lower level 
entitlement groups inherit permissions from their parents subject to restrictions on such 
inherited permissions. Accordingly, Applicant's claims 2-3, 6, 9 and 17 are believed to 
distinguish over the combined references and overcome any rejection under Section 103. 

Any dependent claims not explicitly discussed are believed to be allowable by 
virtue of dependency from Applicant's independent claims, as discussed in detail above. 

Conclusion 

In view of the foregoing remarks and the amendment to the claims, it is believed 
that all claims are now in condition for allowance. Hence, it is respectfully requested that 
the application be passed to issue at an early date. 

If for any reason the Examiner feels that a telephone conference would in any way 
expedite prosecution of the subject application, the Examiner is invited to telephone the 
undersigned at 925 465 0361. 

Respectfully submitted, 

Date: February 1, 2008 /G. Mack Riddle/ 

G. Mack Riddle, Reg. No. 55,572 
Attorney of Record 

925 465-0361 

925 465-8143 FAX 